NETWORKING

Linux And Active Directory: Learning To Live Together

Looking for a good way to integrate your company's Linux desktops with Microsoft Active Directory? Novell just might offer the easiest solution -- but it certainly isn't the only game in town.

Looking for a good way to integrate your company's Linux desktops with Microsoft Active Directory? Novell just might offer the easiest solution -- but it certainly isn't the only game in town.Last March, Novell rolled out new versions of its SUSE Linux Enterprise Desktop (SLED) and Server (SLES) products. Both offer a number of interesting new features, and SLED 11 is an especially attractive option for business users. Among other advantages, SLED combines solid driver support (including both ATI and Nvidia graphics cards), a well-rounded set of desktop software packages, and an elegant user interface designed to keep both Mac and Windows users happy.

(Want to know more about SUSE 11? NetworkWorld recently published separate reviews of SLED and SLES that provide a good overview of what's new in each product.)

Now, Novell says it will also provide SLED 11 users with Likewise Enterprise -- a commercial open-source application that extends Microsoft Active Directory support to Linux desktop systems. Likewise provides full Active Directory interoperability with Linux, Unix, and Mac desktops, including user authentication, single sign-on support, group policy management, and migration support for existing NIS-based Linux and Unix user credentials.

Likewise also offers a free version of its software under a GPL license. While it offers the same basic Active Directory support features, it lacks the management, configuration, and data-migration capabilities of the Enterprise product.

Bear in mind that SUSE, like Red Hat Enterprise Linux, is a commercial open-source product. Users are required to pay up-front subscription fees, which include access to technical support and third-party features such as Likewise Enterprise.

Integrating Linux systems into an Active Directory infrastructure has always been a dicey proposition at best. Can Likewise and Novell really turn this task into a non-issue for desktop Linux users?

If you're looking for a risk-free solution, the answer is no. Then again, if you're looking for a risk-free solution, you're in the wrong line of work.

On one hand, Microsoft still does not (as far as I know) support Active Directory authentication for non-Microsoft client systems. On the other hand, Novell already enjoys a unique -- and highly controversial -- relationship with Microsoft. Since 2006, Microsoft has invested $340 million in this agreement, which also includes technology-sharing and -assistance agreements that have clearly influenced the evolution of Novell's SUSE Linux products.

I won't opine here on the wisdom of Novell's dealings with Microsoft. There are plenty of people who cover that beat already, often in exhausting detail. And frankly, it's a debate that won't matter to companies that are far more concerned these days with staying in the black than dabbling in open-source religious wars.

There will, however, soon be another way to tackle the challenge of integrating Active Directory with a mixed desktop environment. The next version of the open-source Samba project aims to combine full Active Directory feature parity with a streamlined, just-work approach to implementation.

Samba 4 has been a long time coming; it continues under heavy development and remains unsuitable for production use. The project has not yet set a release date, although that could happen before the end of the year. Given the fact, however, that Microsoft is working closely with the Samba development team -- including on-site work with the company's own engineers -- there is a good chance that Samba 4 will hit its ambitious release goals.

Keep in mind that Samba 4 and Likewise Enterprise tackle the same technology challenge from different directions. While Likewise integrates non-Microsoft clients seamlessly into a traditional Active Directory infrastructure, Samba 4 aims to duplicate full Active Directory functionality using a completely open and interoperable set of network protocols.

Which approach a company chooses naturally depends upon its own technology needs and business requirements. Thanks to these open-source projects, however, companies that rely upon Active Directory will finally enjoy the ability to make a choice.

Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.